
7 matches found

RedhatCVE
added 2026/01/09 11:26 a.m., 4 views

CVE-2021-33393

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the...

9 CVSS, 6.7 AI score, 0.72182 EPSS
Exploits: 6, References: 1

OSV
added 2025/10/30 10:15 p.m., 0 views

CVE-2025-34287

Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

7.8 CVSS, 6.2 AI score, 0.0001 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/10/30 9:39 p.m., 4 views

CVE-2025-34287 Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl

Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

8.4 CVSS, 0.0001 EPSS
Exploits: 0, References: 2

CVE
added 2025/10/30 9:39 p.m., 10 views

CVE-2025-34287

Nagios XI prior to 2024R2 is affected by a local privilege escalation due to an improperly owned script, process_perfdata.pl, which runs as the nagios user but is owned by www-data and writable by www-data. An attacker with web-server privileges could modify the script and trigger arbitrary code ...

8.4 CVSS, 7.2 AI score, 0.0001 EPSS
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-45526

Malicious code in bioql PyPI...

6.9 CVSS, 6.6 AI score, 0.00103 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 1:31 a.m., 7 views

CVE-2013-3270

EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership...

6.8 CVSS, 7 AI score, 0.00041 EPSS
Exploits: 0, References: 1

Gentoo Linux
added 2004/08/15 12:0 a.m., 24 views

Tomcat: Insecure installation

Background: Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description: The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started...

7.2 CVSS, 4 AI score, 0.00058 EPSS
Exploits: 0